Fix UserRef<[T]>::copy_to_enclave_vec

thaliaarchi · thaliaarchi · commit 4cfdd682a42a · 2025-02-26T11:57:15.000-08:00
It reinterprets uninitialized memory as initialized and does not drop
existing elements of the Vec.
diff --git a/library/std/src/sys/pal/sgx/abi/usercalls/alloc.rs b/library/std/src/sys/pal/sgx/abi/usercalls/alloc.rs
@@ -645,17 +645,12 @@ where
 
     /// Copies the value from user memory and place it into `dest`. Afterwards,
     /// `dest` will contain exactly `self.len()` elements.
-    ///
-    /// # Panics
-    /// This function panics if the destination doesn't have the same size as
-    /// the source. This can happen for dynamically-sized types such as slices.
     pub fn copy_to_enclave_vec(&self, dest: &mut Vec<T>) {
-        if let Some(missing) = self.len().checked_sub(dest.capacity()) {
-            dest.reserve(missing)
-        }
+        dest.clear();
+        dest.reserve(self.len());
+        self.copy_to_enclave_uninit(&mut dest.spare_capacity_mut()[..self.len()]);
         // SAFETY: We reserve enough space above.
         unsafe { dest.set_len(self.len()) };
-        self.copy_to_enclave(&mut dest[..]);
     }
 
     /// Copies the value from user memory and place it into `dest`.
